This document summarizes the current Ladra policy baseline.
Access Control
- Role-based access control with configurable permission keys.
- Admin-only controls for high-risk settings (for example AI model/provider switching and user management).
- Session-based authentication with server-side permission checks.
Data Protection
- Sensitive settings and secrets are encrypted before storage.
- Document storage keys are signed for controlled file access.
- Customer data access is partitioned by organization context.
Operational Security
- Audit log events for key administrative and matter actions.
- Health-check endpoints and runtime diagnostics for deployment monitoring.
- Permission-gated telemetry capture and admin visibility.
Secure Development
- Lint/build validation in deployment flow.
- Schema migrations tracked and deployed explicitly.
- Change management through version-controlled commits.